Custom login and Stateless session for SAML integrated AEM | Community
Level 2
August 20, 2018
Solved


Hi All,

I have a design where a mobile app (written in Angular 6) interacts with AEM (which is SAML integrated) to get the fragments from AEM.

What is happening?

When the mobile app authenticates a user on AEM, AEM redirects the user to the SAML login page, and in turn AEM returns a login token to the mobile app after successful authentication from SAML (SiteMinder).

Then we have to write a custom login handler to handle this session, and along with this we need to store some data in the same session.

Here are my two questions:

1) How to write a custom login handler to handle this session for SAML integrated AEM?

2) My session, which I assume is stateful, I want to be a stateless session. Please let me know two things here: first, how to change it to stateless, and second, how to find out whether a session is a stateful or a stateless session?

One more piece of information will help me: what's the basic difference between these two from a design perspective (stateless and stateful)? I am aware of the encapsulated token approach.

feike_visser

5 replies

joerghoh
Adobe Employee
August 20, 2018

Hi,

At the moment it is not clear to me if the authentication is already working for you as you described. Can you please confirm? You should not need to write a custom login functionality using SAML (it's there OOTB in the product).

Regarding your second question: AEM knows nothing about your user object in the first place, it just has a SAML token (cookie); and it does not need to maintain a persistent state (session) to work with it.

Jörg

Level 2
August 21, 2018

First Point:

I understand that it is OOTB to handle the session, but I have a use case where we need to store some data in the current session (SAML authenticated session) and send the login token + data back to the mobile application which is calling AEM.

For second point:

Scenario: The mobile app opens a session with AEM and the session timeout is 72 hours in the mobile app. But in AEM we do not want to keep the session open for so long.

So I wanted to know how to handle this scenario.

joerghoh
Adobe Employee
Accepted solution
August 21, 2018

Hi,

OK, in that case it hasn't anything to do with SAML, but you need to store some data in a server-side session (which happens to belong to an authenticated user).

A session of 72h is quite long, and I would not allow such long HTTP sessions; you might want to create some dedicated sessionStore outside of AEM, which can hold this data.
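A sketch of the dedicated session store suggested in the accepted answer, added here as an example and not code from the thread or from AEM. The class name, the in-memory dict (standing in for a service running outside AEM) and the idle timeout are assumptions; only the 72-hour lifetime comes from the thread.

```python
import secrets
import time


class ExternalSessionStore:
    """Holds per-user app data outside AEM so the AEM login can stay short-lived."""

    def __init__(self, max_lifetime_s, idle_timeout_s, clock=time.time):
        self.max_lifetime_s = max_lifetime_s    # hard cap, e.g. the app's 72 h
        self.idle_timeout_s = idle_timeout_s    # assumed inactivity limit
        self._clock = clock                     # injectable for testing
        self._entries = {}

    def create(self, user_id, data):
        """Store data for an already authenticated user and return an opaque handle."""
        handle = secrets.token_urlsafe(32)      # unguessable, carries no user data
        now = self._clock()
        self._entries[handle] = {"user": user_id, "data": dict(data),
                                 "created": now, "last_seen": now}
        return handle

    def get(self, handle, user_id):
        """Return the data only if the entry is live and owned by user_id."""
        entry = self._entries.get(handle)
        if entry is None:
            return None
        now = self._clock()
        if (now - entry["created"] > self.max_lifetime_s
                or now - entry["last_seen"] > self.idle_timeout_s):
            del self._entries[handle]           # expired entries are purged
            return None
        if entry["user"] != user_id:            # the handle alone is not enough
            return None
        entry["last_seen"] = now                # activity resets the idle timer only
        return dict(entry["data"])

    def revoke(self, handle):
        """Drop the entry, for example on logout."""
        self._entries.pop(handle, None)


if __name__ == "__main__":
    store = ExternalSessionStore(max_lifetime_s=72 * 3600, idle_timeout_s=3600)
    h = store.create("alice", {"locale": "en"})   # constructed sample data
    print(store.get(h, "alice"), store.get(h, "bob"))
```

The `user_id` passed to `get` is meant to come from the request's authenticated identity, so a leaked handle does not expose another user's data.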

Level 2
August 21, 2018

Thanks for the clarification.

One more piece of information I need: how to write a custom login handler for AEM 6.4.

I am struggling a bit with this.

joerghoh
Adobe Employee
August 21, 2018

Regarding Login Handler: Maybe Apache Sling :: Authentication can be helpful, it covers a broad range of topics in the area of authentication and login. But if you have a SAML login, you should not have to write something on your own.

Jörg